General

  • Target: UNDERLIKERS.exe
  • Size: 33KB
  • Sample: 240621-m11w5swhne
  • MD5: 831b2d57ffbe1a04cf11b93d3f67c5db
  • SHA1: 222e8f9435cab537604a393315ba7c4be4f48520
  • SHA256: be977ea7ac25d4ca29bf5d498af57ff0656c3cf81daa9ea28a69c3e405a9e0d7
  • SHA512: 6c476652dd58b92d89b5765971a38c2eaced713bdb5af943289e92f039b43c127e1bf972df6800884c365726b8751cab43841aee56397dd02627127fe8924d95
  • SSDEEP: 384:sWrVqCDweO/a5KxxL4aQDc2ETU8XYYR+gtFqBLTiZw/WNnvK9IkVurNhTxOjhe/R:ZKf4TGxYYZF29RcXOjhe/3vR99dF

Score
10/10

Malware Config

Extracted

  • Family: xworm
  • Version: 3.0
  • C2: et-hansen.gl.at.ply.gg:33635
  • Mutex: FQqu1fcoBM8l2f7r
  • Attributes
    • Install_directory: %AppData%
  • aes.plain

Targets

    • Target: UNDERLIKERS.exe

    • Detect Xworm Payload

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Drops startup file
